Feeds

Stuxnet: 'Moral crime' or proportionate response?

Security experts split on cyberwar

Internet Security Threat Report 2014

Delegates at the Black Hat conference in Las Vegas are sharply split on the merits (or otherwise) of malware like Stuxnet that can be used offensively to take down infrastructure.

Stuxnet was the first malware that was publicly acknowledged to have been designed to take down physical equipment – in this case, Siemens supervisory control and data acquisition (SCADA) systems. According to recent reports it was developed by the US and Israel as part of Operation Olympic Games, a malware program started by former President Bush and expanded by the current administration.

"I think what you're talking about is a moral crime," said Marcus Ranum, faculty member of the Institute for Applied Network Security. "What you're really doing is putting civilian infrastructure on the front line in this non-existent war. The military is basically saying 'we've saved you a little old fashioned bombing - you should be happy,' but that's not appropriate."

Ranum's position brought applause from the audience, but others were less impressed. Black Hat founder Jeff Moss said that he was more supportive of using malware in this way, since it provided military options without the need to endanger human life.

"I've always thought that these were tools in the spectrum of proportional force in between harsh words and dirty looks and Mark II bombs," said Moss. "Now instead of blowing up plants and killing people you can attack the equipment, and this is another notch on the proportionality meter. If you agree with that or not it's a good tool to allow nation states to exert force without having to blow people up."

Ultimately, however, such debate is slightly pointless, F-Secure's top security man, Mikko Hypponen told The Register. The industry should focus instead on practicalities.

"Ultimately the ethics of this don't really matter – the decision has been made and this kind of stuff is going to be unavoidable." ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
You dirty RAT! Hong Kong protesters infected by iOS, Android spyware
Did China fling remote access Trojan at Occupy Central?
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.